Main menu

The NHS Needs To Get To Grips With Patient Privacy

I’ve written extensively about the importance of health data in the past year, with tremendous improvements in diagnostics, management and treatment of conditions possible, especially as we begin to capitalize on the power of artificial intelligence.

With great potential however comes great responsibility to do things the right way. A recent report from the Royal Society highlighted the importance of exceptionally robust data governance to ensure that the public are confident that this most sensitive of data is managed correctly.

“Where there is value in accessing data that cannot be open – for example medical data or commercially sensitive industry data – ensuring there are frameworks and agreements in place which facilitate appropriate data sharing in these circumstances,” the report says.

This is crucial as a recent study by UKCloud Healthfound that 65% of people are concerned about the security of their health data, and indeed the Royal Society paper highlighted the importance of bringing the public along on this exciting journey. This is especially key as Care.Data was largely sunk because the public were significantly concerned about the way their data is governed.

Health data is your data

Alas, it seems lessons aren’t being learned. Whilst ostensibly I’m incredibly excited about the work the company is doing, I’ve been critical in the past about the steps DeepMind are taking in terms of ensuring the public are comfortable with the way their health data is used by the company.

The company recently announced a new partnership with Taunton and Somerset NHS Foundation Trust. The partnership will see DeepMind’s Streams app used to give staff easy access to results of x-rays, scans or blood tests by pulling data from medical records and putting it in one place.

Which is great, and the smoother flow of information within hospitals is undoubtedly important. I’m not sure anyone would have any doubts about that, but there remain consistent concerns around data governance in deals such as this.

Earlier this year the national data guardian, Dame Fiona Caldicott, was critical of the legal basis on which a partnership between DeepMind and the Royal Free Trust was conducted, and whilst there’s no question of data integrity in either that partnership or this latest one with Taunton and Somerset, it is my understanding that patients at Taunton and Somerset will have no power to opt out of the data sharing agreement.

It’s a situation that underlines where the power really lies when it comes to our medical data. I’m a firm believer that tremendous things can be achieved, both in terms of patient care but also in medical research, when our medical data is both aggregated and shared, but the pilot of that journey has to be the patient themselves. Medical data is about as sensitive as you can get, so I simply don’t think it will work so long as 3rd parties have full control over how our data is collected, governed and used.

It seems that we’re on the cusp of great things in healthcare, but I’m not sure we’ll get there unless we give patients much more assurance, and control, over how their data is used.